A Levy Alpha Stable Model for Anomaly Detection in Network Traffic
|
|
- Suzan Lane
- 6 years ago
- Views:
Transcription
1 A Levy Alpha Stable Model for Anomaly Detection in Network Traffic Diana A Dept of IT, KalasalingamUniversity, Tamilnadu, India arul.diana@gmail.com Mercy Christial T Asst. Prof I/IT, Dept of IT, Kalasalingam University, Tamilnadu, India Abstract-The detection of anomaly in real time traffic is challenging and important task. The statistical method tracks the marginal distribution of traffic flow which is controlled by several driving factors and complicated behavior. This paper proposes the alpha stable model and statistical hypothesis to analyse the traffic pattern. Since the model is a parametric approach which includes the skewness, scatter, centrality and shape as parameters in detecting the traffic windows as anomaly. To classify the traffic patterns by means of GLRT Generalized Likelihood Ratio Test which is used to automatically choose real traffic window to compared with reference under test, with no human intervention.the use of the GLRT is to assess the similarity of a particular trace to reference normal and anomalous traffic windows. Two attacks are focused in this paper namely Flood and Flash crowd. Flood anomalies distinct as having one or more relatively constant sources(ddos attacks). Where as, Flash Crowd deals with the encompass traffic patterns caused by net growth of users trying to access the network resources(web fileserver).each anomaly detection performance have been measured through Receiver Operating Characteristic (ROC) Curve. The goal is to achieve the self adaptation of reference traffic windows to a new real traffic. And also, the network traffic that tends to vary over time, it may be desirable that training traffic is periodically updated to fit new circumstances and recalculate the reference window. Keywords: Alpha Stable, GLRT, Flood, Flashcrowds, ROC. I. INTRODUCTION Anomaly detection aims at finding the presence of anomalous patterns in network traffic. Automatic detection of such patterns can provide network managerial with an additional source of information to diagnose network behavior or finding the root cause of network faults. Internet is today the fundamental component of the worldwide communication infrastructure, playing a crucial role in education, entertainment, business, and social life. Traffic monitoring is certainly one of the paramount tasks for network operators that will be affected by the strong development of network traffic, simply because capturing and analyzing large volumes of heterogeneous traffic network-wide can be extremely costly. Network and traffic anomalies may arise from equipment failures, misconfigurations, and outages, unusual customers behavior (e.g., sudden changes in demand, flash crowds, high volume flows), external routing modifications, network attacks (e.g., DOS attacks, scans, worms), Four stages of anomaly detection in traffic Network Security
2 EICA 021 A Levy Alpha Stable Model for Anomaly Detection in Network Traffic 1.1Data Acquisition In the data acquisition stage, Data collection is done by querying the routers via SNMP periodically for accumulated byte counters at each physical port. These routers should be representative of heavily and lightly loaded networks. The traffic samples are taken at intervals of t seconds, so that data windows of W seconds are continuous. W should be large enough to have a minimum amount of data when trying to fit a statistical model to them, and short enough to have (at least) local stationarity.to ensure the model adequately fits the data,so chose a time window length W = 30 minutes. 1.2Data Analysis With traffic windows of W/t = 360 samples each, the sample size is rather small, so the use of α-stable model, the use of α-stable distributions, unrestricted in their parameter space, as a model for traffic marginals is desirable. α-stable distributions : It is characterized by four parameters.the first two of them, (α) and (β), provide the properties of heavy tails (α) and asymmetry(β), while the remaining two, (σ) and (µ), have analogous senses scatter and center. The allowed values for α lie in the interval (0; 2), being α= 2,while β must lie inside[-1,1] (-1 means totally left-asymmetric and 1totally right-asymmetric). The scatter parameter (σ) must be a Nonzero positive number and (µ) can have any real value. If (α=2), the distribution does not have heavy tails. 1.3Inference A common approach is to define anomalies as a sudden change in any quantity measured in the analysis phase or a significant deviation between the current traffic window and a earlier chosen reference to fix an arbitrary threshold which marks the boundary between normal and anomalous traffic, and trigger an alarm when the threshold is exceeded. So,the use of sets of synthetic anomalies (one set per anomaly type),analogous to the normal traffic windows but known to be anomalous, and setting the threshold so that a given traffic window is classified as normal or anomalous based on its similarity to the normal and anomalous sets and informs via abnormality index. A hypothesis, p(normal traffic) >> p(anomalous traffic) in any correctly behaved network at any circumstance. For these windows, estimate the parameters of an α -stable PDF which fits the data and store those parameters in catalogs which test windows are compared with stored training windows within the corresponding catalog. Diana A, Mercy Christial T 570
3 Figure 1 :Probability Density Function with Different α ValuesTwo Anomalies to Detect Flood anomalies : attacks, which result in a net growth of instantaneous traffic DDoS attacks typically give rise to anomalies Flash-crowd anomalies : traffic patterns, caused by a net growth of (usually human) users trying to access a network resource. overwhelming web server usage patterns Generalized Likelihood Ratio Test (GLRT): The classification algorithm as a parametric test. The α-stable model there is no optimality associated with the GLRT, asymptotically it can be uniformly most powerful (UMP) among all tests that are invariant.to determine whether the current traffic window arrives from the normal set or one of the anomalous sets, Let H0: current traffic is normal versus H1: current traffic is not normal.the GLRT will decide H1, when where x is the vector of traffic samples in the current window, is the chosen threshold, and 0j, 1j are, respectively, the normal and anomalous sets of α- stable parameter 1.4Validation Classifier and Performance 1. For all collected traffic windows belonging to a particular combination of port, hour, and weekday,repeat steps 2 to Prepare three consecutive traffic windows. The first one is the reference window; second and third onesact as normal and anomalous traffic windows. 3. Inject a synthetic flood anomaly of a given intensity into the third window. 4. For time resolutions 5, 10, 20, 40, and 80 seconds per sample, repeat step Estimate the shape parameter of three Gamma distributions, one fitted to each traffic window, and compute the following quadratic distances: a) reference to normal windows and b) reference to anomalous windows. Diana A, Mercy Christial T 571
4 EICA 021 A Levy Alpha Stable Model for Anomaly Detection in Network Traffic Table 1:Confusion Matrix and Performance Metrics 6. Calculate mean quadratic distances over all time resolutions. 7. For a sufficiently dense, logarithmically spaced set of thresholds from 0 to þ1, repeat step 8. Accumulate number of false positives/negatives for each threshold. 9. Calculate false positive/negative ratios. 10. Plot ROC curve and calculate its AUC. First, the data are sampled at 5-second intervals, so no other option than making the multiresolution calculations at a larger scale. Second, choose the window preceding normal and anomalous ones as reference traffic. Third, do as to fairly compare classification performance between approaches. II. CONCLUSION In this paper, an anomaly detection method based on statistical inference and an α-stable first-order model has been studied. a four-phase approach to describe each of the pieces from which to build a functional detection system (data acquisition, data analysis, inference, and validation), yielding the final classification results the uses of aggregated traffic as opposed to packet-level sampling so that any dedicated hardware is not needed.in the data analysis stage, use α-stable distributions as a model for traffic marginals. Since these distributions are able to adapt to highly variable data, and due to the fact that they are the limiting distribution of the generalized central limit theorem, they are a natural candidate to use in modeling aggregated network traffic. REFERENCES 1. A. Scherrer, N. Larrieu, P. Owezarski, P. Borgnat, and P. Abry, Non-Gaussian and Long Memory Statistical Characterizations for Internet Traffic with Anomalies, IEEE Trans. Dependable and Secure Computing, vol. 4, no. 1, pp , Jan C. Manikopoulos and S. Papavassiliou, Network Intrusion and Fault Detection: A Statistical Anomaly Approach, IEEE Comm. Magazine, vol. 40, no. 10, pp , Oct S. Stolfo et al., The Third International Knowledge Discovery and Data Mining Tools Competition, A. Lakhina, M. Crovella, and C. Diot, Diagnosing Network-WideTraffic Anomalies, Proc. ACM SIGCOMM 04, pp , Aug Diana A, Mercy Christial T 572
5 5. A. Papoulis, Probability, Random Variables, and Stochastic Processes,third ed., McGraw-Hill, P. Barford, J. Kline, D. Plonka, and A. Ron, A Signal Analysis ofnetwork Traffic Anomalies, Proc. Second ACM SIGCOMMWorkshop Internet Measurement, pp , Nov P. Embrechts and M. Maejima, Selfsimilar Processes. Princeton Univ. Press, S ApacheJMeter, The Apache Jakarta Project, Apache Software Foundation, G.F. Cretu-Ciocarlie, A. Stavrou, M.E. Locasto, and S.J. Stolfo, Adaptive Anomaly Detection via Self-Calibration and Dynamic Updating, Proc. 12th Int l Symp. Recent Advances in Intrusion Detection (RAID), Sept Cisco Systems, Cisco IOS NetFlow, Diana A, Mercy Christial T 573
Anomaly Detection in Network Traffic: A Statistical Approach
16 Anomaly Detection in Network Traffic: A Statistical Approach Manmeet Kaur Marhas, M.tech Scholar, Dept. of CSE, CMJ University, Shilong, Meghalaya, India Anup Bhange, Asst.Prof, Dept. of IT, KDK College
More informationAutomated Classification of Network Traffic Anomalies
Automated Classification of Network Traffic Anomalies Guilherme Fernandes and Philippe F. Owezarski LAAS - CNRS Université detoulouse 7 Avenue du Colonel Roche 31077 Toulouse, France owe@laas.fr Abstract.
More informationA Signal Analysis of Network Traffic Anomalies
A Signal Analysis of Network Traffic Anomalies Paul Barford with Jeffery Kline, David Plonka, Amos Ron University of Wisconsin Madison Fall, Overview Motivation: Anomaly detection remains difficult Objective:
More informationImpact of Sampling on Anomaly Detection
Impact of Sampling on Anomaly Detection DIMACS/DyDan Workshop on Internet Tomography Chen-Nee Chuah Robust & Ubiquitous Networking (RUBINET) Lab http://www.ece.ucdavis.edu/rubinet Electrical & Computer
More informationNetwork Traffic Anomaly Detection based on Ratio and Volume Analysis
190 Network Traffic Anomaly Detection based on Ratio and Volume Analysis Hyun Joo Kim, Jung C. Na, Jong S. Jang Active Security Technology Research Team Network Security Department Information Security
More informationEvidence Gathering for Network Security and Forensics DFRWS EU Dinil Mon Divakaran, Fok Kar Wai, Ido Nevat, Vrizlynn L. L.
Evidence Gathering for Network Security and Forensics DFRWS EU 2017 Dinil Mon Divakaran, Fok Kar Wai, Ido Nevat, Vrizlynn L. L. Thing Talk outline Context and problem Objective Evidence gathering framework
More informationAccurate Anomaly Detection through Parallelism
Accurate Detection through Parallelism Shashank Shanbhag and Tilman Wolf, University of Massachusetts Abstract In this article we discuss the design and implementation of a real-time parallel anomaly system.
More informationFlowMatrix Tutorial. FlowMatrix modus operandi
FlowMatrix Tutorial A message from the creators: When developing FlowMatrix our main goal was to provide a better and more affordable network anomaly detection and network behavior analysis tool for network
More informationThe Subspace Method for Diagnosing Network-Wide Traffic Anomalies. Anukool Lakhina, Mark Crovella, Christophe Diot
The Subspace Method for Diagnosing Network-Wide Traffic Anomalies Anukool Lakhina, Mark Crovella, Christophe Diot What s happening in my network? Is my customer being attacked? probed? infected? Is there
More informationIJREAS Volume 2, Issue 2 (February 2012) ISSN: ANOMALY DETECTION BASED ON DIVERSE APPROACHES IN NETWORK TRAFFIC ABSTRACT
ANOMALY DETECTION BASED ON DIVERSE APPROACHES IN NETWORK TRAFFIC Anup Bhange* Amber Syad** Satyendra Singh Thakur*** ABSTRACT Network anomaly detection is a vibrant research area. Researchers have to come
More informationStatistical Sketch based Anomaly Detection and Validation using an Anomaly Database
Statistical Sketch based Anomaly Detection and Validation using an Anomaly Database Guillaume Dewaele, Pierre Borgnat, Patrice Abry, Julien Aussibal, Laurent Gallon, P. Owezarski 3, D. Veitch 4 Physics
More informationDetection and Identification of Network Anomalies Using Sketch Subspaces
Detection and Identification of Network Anomalies Using Sketch Subspaces X. Li F. Bian M. Crovella C. Diot R. Govindan G. Iannaccone A. Lakhina ABSTRACT Network anomaly detection using dimensionality reduction
More informationBasic Concepts in Intrusion Detection
Technology Technical Information Services Security Engineering Roma, L Università Roma Tor Vergata, 23 Aprile 2007 Basic Concepts in Intrusion Detection JOVAN GOLIĆ Outline 2 Introduction Classification
More informationDenial of service attack detection based on a non Gaussian and multiresolution traffic modeling
Denial of service attack detection based on a non Gaussian and multiresolution traffic modeling P. Borgnat (), P. Abry (), G. Dewaele (), N. Larrieu (), P. Owezarski (), Y. Zhang (), Y. Labit (), J. Aussibal
More informationAutonomous Network Security For Detection Of Network Attacks using Cluster
Autonomous Network Security For Detection Of Network Attacks using Cluster Ms.Priti K.Doad Department of CSE, G.H.Raisoni College, Amravati. doad.priti@gmail.com Mr.Mahim M.Bartere Department of CSE, G.H.Raisoni
More informationANOMALY DETECTION USING HOLT-WINTERS FORECAST MODEL
ANOMALY DETECTION USING HOLT-WINTERS FORECAST MODEL Alex Soares de Moura RNP Rede Nacional de Ensino e Pesquisa Rua Lauro Müller, 116 sala 1103 Rio de Janeiro, Brazil alex@rnp.br Sidney Cunha de Lucena
More informationUse of Extreme Value Statistics in Modeling Biometric Systems
Use of Extreme Value Statistics in Modeling Biometric Systems Similarity Scores Two types of matching: Genuine sample Imposter sample Matching scores Enrolled sample 0.95 0.32 Probability Density Decision
More informationAnomaly Detection in Communication Networks
Anomaly Detection in Communication Networks Prof. D. J. Parish High Speed networks Group Department of Electronic and Electrical Engineering D.J.Parish@lboro.ac.uk Loughborough University Overview u u
More informationINTERNET TRAFFIC MEASUREMENT (PART II) Gaia Maselli
INTERNET TRAFFIC MEASUREMENT (PART II) Gaia Maselli maselli@di.uniroma1.it Prestazioni dei sistemi di rete 2 Overview Basic concepts Characterization of traffic properties that are important to measure
More informationTo Detect and Prevent the anomaly in Network Traffic Based on Statistical approach and α-stable Model
To Detect and Prevent the anomaly in Network Traffic Based on Statistical approach and α-stable Model 1 Anup Bhange 1 M.tech Scholar, Dept CSE 1 Patel Institute of Technology Bhopal 2 Amber Syed 2 Asst.Prof,
More informationIntrusion Detection by Combining and Clustering Diverse Monitor Data
Intrusion Detection by Combining and Clustering Diverse Monitor Data TSS/ACC Seminar April 5, 26 Atul Bohara and Uttam Thakore PI: Bill Sanders Outline Motivation Overview of the approach Feature extraction
More informationMultivariate Correlation Analysis based detection of DOS with Tracebacking
1 Multivariate Correlation Analysis based detection of DOS with Tracebacking Jasheeda P Student Department of CSE Kathir College of Engineering Coimbatore jashi108@gmail.com T.K.P.Rajagopal Associate Professor
More informationChallenging the Supremacy of Traffic Matrices in Anomaly Detection
Challenging the Supremacy of Matrices in Detection ABSTRACT Augustin Soule Thomson Haakon Ringberg Princeton University Multiple network-wide anomaly detection techniques proposed in the literature define
More informationMulticast Transport Protocol Analysis: Self-Similar Sources *
Multicast Transport Protocol Analysis: Self-Similar Sources * Mine Çağlar 1 Öznur Özkasap 2 1 Koç University, Department of Mathematics, Istanbul, Turkey 2 Koç University, Department of Computer Engineering,
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Anomaly Detection
Introduction to Network Security Missouri S&T University CPE 5420 Anomaly Detection Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science
More informationUnit 5: Estimating with Confidence
Unit 5: Estimating with Confidence Section 8.3 The Practice of Statistics, 4 th edition For AP* STARNES, YATES, MOORE Unit 5 Estimating with Confidence 8.1 8.2 8.3 Confidence Intervals: The Basics Estimating
More informationData Mining for Improving Intrusion Detection
Data Mining for Improving Intrusion Detection presented by: Dr. Eric Bloedorn Team members: Bill Hill (PI) Dr. Alan Christiansen, Dr. Clem Skorupka, Dr. Lisa Talbot, Jonathan Tivel 12/6/00 Overview Background
More informationDiscriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric
Discriminating DDoS Attacks from Flash Crowds in IPv6 networks using Entropy Variations and Sibson distance metric HeyShanthiniPandiyaKumari.S 1, Rajitha Nair.P 2 1 (Department of Computer Science &Engineering,
More informationMining Anomalies Using Traffic Feature Distributions
Mining Anomalies Using Traffic Feature Distributions Anukool Lakhina, Mark Crovella, and Christophe Diot Ý BUCS-TR-25-2 Abstract The increasing practicality of large-scale flow capture makes it possible
More informationUNDERSTANDING AND EVALUATING THE IMPACT OF SAMPLING ON ANOMALY DETECTION TECHNIQUES
UNDERSTANDING AND EVALUATING THE IMPACT OF SAMPLING ON ANOMALY DETECTION TECHNIQUES Georgios Androulidakis, Vasilis Chatzigiannakis, Symeon Papavassiliou, Mary Grammatikou and Vasilis Maglaris Network
More informationFuzzy Intrusion Detection
Fuzzy Intrusion Detection John E. Dickerson, Jukka Juslin, Ourania Koukousoula, Julie A. Dickerson Electrical and Computer Engineering Department Iowa State University Ames, IA, USA {jedicker,juslin,koukouso,julied}@iastate.edu
More informationData fusion algorithms for network anomaly detection: classification and evaluation
Data fusion algorithms for network anomaly detection: classification and evaluation V. Chatzigiannakis, G. Androulidakis, K. Pelechrinis, S. Papavassiliou and V. Maglaris Network Management & Optimal Design
More informationTowards Traffic Anomaly Detection via Reinforcement Learning and Data Flow
Towards Traffic Anomaly Detection via Reinforcement Learning and Data Flow Arturo Servin Computer Science, University of York aservin@cs.york.ac.uk Abstract. Protection of computer networks against security
More informationActive Queue Management for Self-Similar Network Traffic
Active Queue Management for Self-Similar Network Traffic Farnaz Amin*, Kiarash Mizanain**, and Ghasem Mirjalily*** * Electrical Engineering and computer science Department, Yazd University, farnaz.amin@stu.yazduni.ac.ir
More informationUncovering Artifacts of Flow Measurement Tools
Uncovering Artifacts of Flow Measurement Tools Ítalo Cunha 1,2, Fernando Silveira 1,2, Ricardo Oliveira 3, Renata Teixeira 2, and Christophe Diot 1 1 Thomson 2 UPMC Paris Universitas 3 UCLA Abstract. This
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS
ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS Saulius Grusnys, Ingrida Lagzdinyte Kaunas University of Technology, Department of Computer Networks, Studentu 50,
More informationNetwork Anomaly Detection Using Autonomous System Flow Aggregates
Network Anomaly Detection Using Autonomous System Flow Aggregates Thienne Johnson 1,2 and Loukas Lazos 1 1 Department of Electrical and Computer Engineering 2 Department of Computer Science University
More informationin High-Speed Networks
Classifying Elephant and Mice Flows in High-Speed Networks Mariam Kiran Anshuman Chabbra (NSIT) Anirban Mandal (Renci) Presented at INDIS 2017 ESnet, LBNL 1 Funded under DE-SC0012636 Talk Agenda Current
More informationA Comparison Between the Silhouette Index and the Davies-Bouldin Index in Labelling IDS Clusters
A Comparison Between the Silhouette Index and the Davies-Bouldin Index in Labelling IDS Clusters Slobodan Petrović NISlab, Department of Computer Science and Media Technology, Gjøvik University College,
More informationDixit Verma Characterization and Implications of Flash Crowds and DoS attacks on websites
Characterization and Implications of Flash Crowds and DoS attacks on websites Dixit Verma Department of Electrical & Computer Engineering Missouri University of Science and Technology dv6cb@mst.edu 9 Feb
More informationCOMPARISON OF THE ACCURACY OF BIVARIATE REGRESSION AND BOX PLOT ANALYSIS IN DETECTING DDOS ATTACKS
International Journal of Electronics and Communication Engineering & Technology (IJECET) Volume 6, Issue 12, Dec 2015, pp. 43-48, Article ID: IJECET_06_12_007 Available online at http://www.iaeme.com/ijecetissues.asp?jtype=ijecet&vtype=6&itype=12
More informationA Fluid-Flow Characterization of Internet1 and Internet2 Traffic *
A Fluid-Flow Characterization of Internet1 and Internet2 Traffic * Joe Rogers and Kenneth J. Christensen Department of Computer Science and Engineering University of South Florida Tampa, Florida 33620
More informationReview on Data Mining Techniques for Intrusion Detection System
Review on Data Mining Techniques for Intrusion Detection System Sandeep D 1, M. S. Chaudhari 2 Research Scholar, Dept. of Computer Science, P.B.C.E, Nagpur, India 1 HoD, Dept. of Computer Science, P.B.C.E,
More informationHardware Supports for Network Traffic Anomaly Detection
Hardware Sups for Network Traffic Anomaly Detection Dae-won Kim and Jin-tae Oh Electronics and Telecommunications Research Institute in Korea Abstract - Modern network systems are plagued with unknown
More informationInternet Threat Detection System Using Bayesian Estimation
Internet Threat Detection System Using Bayesian Estimation Masaki Ishiguro 1 Hironobu Suzuki 2 Ichiro Murase 1 Hiroyuki Ohno 3 Abstract. We present an Internet security threat detection system 4 using
More informationTechnical Report Probability Distribution Functions Paulo Baltarejo Sousa Luís Lino Ferreira
www.hurray.isep.ipp.pt Technical Report Probability Distribution Functions Paulo Baltarejo Sousa Luís Lino Ferreira HURRAY-TR-070603 Version: 0 Date: 06-6-007 Technical Report HURRAY-TR-070603 Probability
More informationIntrusion Detection and Malware Analysis
Intrusion Detection and Malware Analysis Anomaly-based IDS Pavel Laskov Wilhelm Schickard Institute for Computer Science Taxonomy of anomaly-based IDS Features: Packet headers Byte streams Syntactic events
More informationEVALUATIONS OF THE EFFECTIVENESS OF ANOMALY BASED INTRUSION DETECTION SYSTEMS BASED ON AN ADAPTIVE KNN ALGORITHM
EVALUATIONS OF THE EFFECTIVENESS OF ANOMALY BASED INTRUSION DETECTION SYSTEMS BASED ON AN ADAPTIVE KNN ALGORITHM Assosiate professor, PhD Evgeniya Nikolova, BFU Assosiate professor, PhD Veselina Jecheva,
More informationServer-side Prediction of Source IP Addresses using Density Estimation
Server-side Prediction of Source IP Addresses using Density Estimation ARES 2009 Conference Markus Goldstein 1, Matthias Reif 1 Armin Stahl 1, Thomas M. Breuel 1,2 1 German Research Center for Artificial
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Chapter 7 - Network Measurements Introduction Architecture & Mechanisms
More informationContinuous Improvement Toolkit. Normal Distribution. Continuous Improvement Toolkit.
Continuous Improvement Toolkit Normal Distribution The Continuous Improvement Map Managing Risk FMEA Understanding Performance** Check Sheets Data Collection PDPC RAID Log* Risk Analysis* Benchmarking***
More informationCollaborative Framework for Testing Web Application Vulnerabilities Using STOWS
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology ISSN 2320 088X IMPACT FACTOR: 5.258 IJCSMC,
More informationINTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGIES, VOL. 02, ISSUE 01, JAN 2014
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGIES, VOL. 02, ISSUE 01, JAN 2014 ISSN 2321 8665 LOW BANDWIDTH DDOS ATTACK DETECTION IN THE NETWORK 1 L. SHIVAKUMAR, 2 G. ANIL KUMAR 1 M.Tech CSC Dept, RVRIET,
More informationMaster Course Computer Networks IN2097
Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D. Dr. Nils
More informationIP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks
1274 IEICE TRANS. INF. & SYST., VOL.E91-D, NO.5 MAY 2008 PAPER Special Section on Information and Communication System Security IP Packet Size Entropy-Based Scheme for Detection of DoS/DDoS Attacks Ping
More informationSD 372 Pattern Recognition
SD 372 Pattern Recognition Lab 2: Model Estimation and Discriminant Functions 1 Purpose This lab examines the areas of statistical model estimation and classifier aggregation. Model estimation will be
More informationUsing traffic snapshots to detect DDoS attacks From state-of-the-art approaches to the industry
Using traffic snapshots to detect DDoS attacks From state-of-the-art approaches to the industry Gilles Roudière 1 (PhD student) Philippe Owezarski 1, François Devienne 2 (Supervisors) 1, {gilles.roudiere,
More informationDETECTION OF NETWORK ANOMALIES USING RANK TESTS
DETECTION OF NETWORK ANOMALIES USING RANK TESTS Céline Lévy-Leduc CNRS/LTCI/Télécom ParisTech 37/39, Rue Dareau - 754 Paris - Email: celine.levy-leduc@telecom-paristech.fr ABSTRACT We propose a novel and
More informationADAPTIVE NETWORK ANOMALY DETECTION USING BANDWIDTH UTILISATION DATA
1st International Conference on Experiments/Process/System Modeling/Simulation/Optimization 1st IC-EpsMsO Athens, 6-9 July, 2005 IC-EpsMsO ADAPTIVE NETWORK ANOMALY DETECTION USING BANDWIDTH UTILISATION
More informationMeans for Intrusion Detection. Intrusion Detection. INFO404 - Lecture 13. Content
Intrusion Detection INFO404 - Lecture 13 21.04.2009 nfoukia@infoscience.otago.ac.nz Content Definition Network vs. Host IDS Misuse vs. Behavior Based IDS Means for Intrusion Detection Definitions (1) Intrusion:
More informationNetwork Anomaly Confirmation, Diagnosis and Remediation
Network Amaly Confirmation, Diagsis and Remediation David Plonka and Paul Barford University of Wisconsin - Madison E-mail: {plonka,pb}@cs.wisc.edu Nemean Networks Identifying and diagsing network traffic
More informationDynamic Broadcast Scheduling in DDBMS
Dynamic Broadcast Scheduling in DDBMS Babu Santhalingam #1, C.Gunasekar #2, K.Jayakumar #3 #1 Asst. Professor, Computer Science and Applications Department, SCSVMV University, Kanchipuram, India, #2 Research
More informationA New Approach to Discover Periodic Frequent Patterns
A New Approach to Discover Periodic Frequent Patterns Dr.K.Duraiswamy K.S.Rangasamy College of Terchnology, Tiruchengode -637 209, Tamilnadu, India E-mail: kduraiswamy@yahoo.co.in B.Jayanthi (Corresponding
More informationTwo-Stage Opportunistic Sampling for Network Anomaly Detection
Two-Stage Opportunistic Sampling for Network Anomaly Detection Venkata Rama Prasad Vaddella, Member IEEE and Sridevi Rachakulla Abstract In this paper we propose the two stage opportunistic sampling technique
More informationThe missing links in the BGP-based AS connectivity maps
The missing links in the BGP-based AS connectivity maps Zhou, S; Mondragon, RJ http://arxiv.org/abs/cs/0303028 For additional information about this publication click this link. http://qmro.qmul.ac.uk/xmlui/handle/123456789/13070
More informationANOMALY detection techniques are the last line of defense
1788 IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 20, NO. 6, DECEMBER 2012 Anomaly Extraction in Backbone Networks Using Association Rules Daniela Brauckhoff, Xenofontas Dimitropoulos, Arno Wagner, and Kavé
More informationNetwork Traffic Measurements and Analysis
DEIB - Politecnico di Milano Fall, 2017 Sources Hastie, Tibshirani, Friedman: The Elements of Statistical Learning James, Witten, Hastie, Tibshirani: An Introduction to Statistical Learning Andrew Ng:
More informationAttack Detection in Time Series for Recommendation Systems
Attack Detection in Time Series for Recommendation Systems Sheng Zhang, Amit Chakrabarti, James Ford, Fillia Makedon Department of Computer Science, Dartmouth College {clap, ac, jford, makedon}@cs.dartmouth.edu
More informationCpk: What is its Capability? By: Rick Haynes, Master Black Belt Smarter Solutions, Inc.
C: What is its Capability? By: Rick Haynes, Master Black Belt Smarter Solutions, Inc. C is one of many capability metrics that are available. When capability metrics are used, organizations typically provide
More informationA New Statistical Procedure for Validation of Simulation and Stochastic Models
Syracuse University SURFACE Electrical Engineering and Computer Science L.C. Smith College of Engineering and Computer Science 11-18-2010 A New Statistical Procedure for Validation of Simulation and Stochastic
More informationVideo shot segmentation using late fusion technique
Video shot segmentation using late fusion technique by C. Krishna Mohan, N. Dhananjaya, B.Yegnanarayana in Proc. Seventh International Conference on Machine Learning and Applications, 2008, San Diego,
More informationImage Similarity Measurements Using Hmok- Simrank
Image Similarity Measurements Using Hmok- Simrank A.Vijay Department of computer science and Engineering Selvam College of Technology, Namakkal, Tamilnadu,india. k.jayarajan M.E (Ph.D) Assistant Professor,
More informationDistributed Anomaly Detection with Network Flow Data
Distributed Anomaly Detection with Network Flow Data Detecting Network-wide Anomalies Carlos García C. 1 Andreas Vöst 2 Jochen Kögel 2 1 TU Darmstadt Telecooperation Group & CASED 2 IsarNet SWS GmbH 2015-07-24
More informationInternational Journal of Research in Advent Technology, Vol.7, No.3, March 2019 E-ISSN: Available online at
Performance Evaluation of Ensemble Method Based Outlier Detection Algorithm Priya. M 1, M. Karthikeyan 2 Department of Computer and Information Science, Annamalai University, Annamalai Nagar, Tamil Nadu,
More informationAnomaly detection using adaptive resonance theory
Boston University OpenBU Theses & Dissertations http://open.bu.edu Boston University Theses & Dissertations 2013 Anomaly detection using adaptive resonance theory Rossell, Daniel Boston University https://hdl.handle.net/2144/12205
More informationFile Sharing in Less structured P2P Systems
File Sharing in Less structured P2P Systems. Bhosale S.P. 1, Sarkar A.R. 2 Computer Science And Engg. Dept., SVERI s College of Engineering Pandharpur Solapur, India1 Asst.Prof, Computer Science And Engg.
More informationAnalysis of BGP security vulnerabilities
Edith Cowan University Research Online Australian Information Security Management Conference Conferences, Symposia and Campus Events 2011 Analysis of BGP security vulnerabilities Muhammad Mujtaba University
More informationAnomaly Extraction in Backbone Networks Using Association Rules
Anomaly Extraction in Backbone Networks Using Association Rules Daniela Brauckhoff, Xenofontas Dimitropoulos, Arno Wagner, Kavé Salamatian To cite this version: Daniela Brauckhoff, Xenofontas Dimitropoulos,
More information"GET /cgi-bin/purchase?itemid=109agfe111;ypcat%20passwd mail 200
128.111.41.15 "GET /cgi-bin/purchase? itemid=1a6f62e612&cc=mastercard" 200 128.111.43.24 "GET /cgi-bin/purchase?itemid=61d2b836c0&cc=visa" 200 128.111.48.69 "GET /cgi-bin/purchase? itemid=a625f27110&cc=mastercard"
More informationLow-rate and High-rate Distributed DoS Attack Detection Using Partial Rank Correlation
Low-rate and High-rate Distributed DoS Attack Detection Using Partial Rank Correlation Monowar H. Bhuyan and Abhishek Kalwar Dept. of Computer Science & Engg. Kaziranga University, Jorhat-785006, Assam
More informationPattern Recognition ( , RIT) Exercise 1 Solution
Pattern Recognition (4005-759, 20092 RIT) Exercise 1 Solution Instructor: Prof. Richard Zanibbi The following exercises are to help you review for the upcoming midterm examination on Thursday of Week 5
More informationMeasuring Intrusion Detection Capability: An Information- Theoretic Approach
Measuring Intrusion Detection Capability: An Information- Theoretic Approach Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee Georgia Tech Boris Skoric Philips Research Lab Outline Motivation Problem Why
More informationWeb Caching and Content Delivery
Web Caching and Content Delivery Caching for a Better Web Performance is a major concern in the Web Proxy caching is the most widely used method to improve Web performance Duplicate requests to the same
More informationInfluence of Data-Reduction Techniques on Traffic Anomaly Detection
Influence of Data-Reduction Techniques on Traffic Anomaly Detection Paper #232, 14 pages ABSTRACT Statistical techniques for detecting anomalous traffic can be an invaluable tool for the operators of large
More informationCombining Cross-Correlation and Fuzzy Classification to Detect Distributed Denial-of-Service Attacks*
Combining Cross-Correlation and Fuzzy Classification to Detect Distributed Denial-of-Service Attacks* Wei Wei 1, Yabo Dong 1, Dongming Lu 1, and Guang Jin 2 1 College of Compute Science and Technology,
More informationAn Empirical Evaluation of Entropy-based Traffic Anomaly Detection
An Empirical Evaluation of Entropy-based Traffic Anomaly Detection George Nychis, Vyas Sekar, David G. Andersen, Hyong Kim, Hui Zhang {gnychis,kim}@ece.cmu.edu, {vyass,dga,hzhang}@cs.cmu.edu Carnegie Mellon
More informationCorrelation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks
Journal of Computer Science Original Research Paper Correlation Based Approach with a Sliding Window Model to Detect and Mitigate Ddos Attacks 1 Ayyamuthukumar, D. and 2 S. Karthik 1 Department of CSE,
More informationA Novel Texture Classification Procedure by using Association Rules
ITB J. ICT Vol. 2, No. 2, 2008, 03-4 03 A Novel Texture Classification Procedure by using Association Rules L. Jaba Sheela & V.Shanthi 2 Panimalar Engineering College, Chennai. 2 St.Joseph s Engineering
More informationBootstrapping Methods
Bootstrapping Methods example of a Monte Carlo method these are one Monte Carlo statistical method some Bayesian statistical methods are Monte Carlo we can also simulate models using Monte Carlo methods
More informationMs A.Naveena Electronics and Telematics department, GNITS, Hyderabad, India.
Dynamic Training Intrusion Detection Scheme for Blackhole Attack in MANETs Ms A.Naveena Electronics and Telematics department, GNITS, Hyderabad, India. Dr. K.Rama Linga Reddy Electronics and Telematics
More informationLecture Notes on Critique of 1998 and 1999 DARPA IDS Evaluations
Lecture Notes on Critique of 1998 and 1999 DARPA IDS Evaluations Prateek Saxena March 3 2008 1 The Problems Today s lecture is on the discussion of the critique on 1998 and 1999 DARPA IDS evaluations conducted
More informationSystematic Detection And Resolution Of Firewall Policy Anomalies
Systematic Detection And Resolution Of Firewall Policy Anomalies 1.M.Madhuri 2.Knvssk Rajesh Dept.of CSE, Kakinada institute of Engineering & Tech., Korangi, kakinada, E.g.dt, AP, India. Abstract: In this
More informationStatistics 202: Data Mining. c Jonathan Taylor. Outliers Based in part on slides from textbook, slides of Susan Holmes.
Outliers Based in part on slides from textbook, slides of Susan Holmes December 2, 2012 1 / 1 Concepts What is an outlier? The set of data points that are considerably different than the remainder of the
More informationANOMALY DETECTION IN COMMUNICTION NETWORKS
Anomaly Detection Summer School Lecture 2014 ANOMALY DETECTION IN COMMUNICTION NETWORKS Prof. D.J.Parish and Francisco Aparicio-Navarro Loughborough University (School of Electronic, Electrical and Systems
More informationDOT-K: Distributed Online Top-K Elements Algorithm with Extreme Value Statistics
DOT-K: Distributed Online Top-K Elements Algorithm with Extreme Value Statistics Nick Carey, Tamás Budavári, Yanif Ahmad, Alexander Szalay Johns Hopkins University Department of Computer Science ncarey4@jhu.edu
More informationShortcut Tree Routing using Neighbor Table in ZigBee Wireless Networks
Shortcut Tree Routing using Neighbor Table in ZigBee Wireless Networks Salmu K.P 1, Chinchu James 2 1,2 Department of Computer Science, IIET, Nellikuzhi Abstract- ZigBee is a worldwide standard for wireless
More informationOSSIM Fast Guide
----------------- OSSIM Fast Guide ----------------- February 8, 2004 Julio Casal http://www.ossim.net WHAT IS OSSIM? In three phrases: - VERIFICATION may be OSSIM s most valuable contribution
More informationEmpirical Models of TCP and UDP End User Network Traffic from Data Analysis
Empirical Models of TCP and UDP End User Network Traffic from NETI@home Data Analysis Charles R. Simpson, Jr., Dheeraj Reddy, George F. Riley School of Electrical and Computer Engineering Georgia Institute
More informationA Scalable DDoS Detection Framework with Victim Pinpoint Capability
660 JOURNAL OF COMMUNICATIONS, VOL. 6, NO. 9, DECEMBER 2011 A Scalable DDoS Detection Framework with Victim Pinpoint Capability Haiqin Liu, Yan Sun and Min Sik Kim School of Electrical Engineering and
More information